Cisco settles FSF GPL lawsuit, appoints compliance officer

The Free Software Foundation has settled its lawsuit against hardware vendor …

The Free Software Foundation (FSF) has settled a GPL compliance lawsuit with network hardware maker Cisco. Under the terms of the settlement, Cisco will make a monetary donation to the FSF and appoint a Free Software Director to conduct continuous reviews of the company's license compliance practices.

The FSF filed a lawsuit against Cisco last year, alleging that Linksys—which is owned by Cisco—routinely failed to adhere to the requirements of GNU's General Public License (GPL), under which Linux and other open source software programs are distributed. The GPL stipulates that recipients of a software program must be permitted to study, modify, and redistribute the underlying source code. According to the FSF, Linksys often declined to provide source code upon request or failed to provide the complete source code of GPL-licensed programs that it integrated into its networking hardware products.

The FSF began communicating with Cisco about the issue in 2003 and helped the company understand its licensing obligations. At the time, Cisco acknowledged its mistakes and attempted to rectify the problem. Linksys continued, however, to fall short of the requirements defined by the GPL. When talks between the FSF and Cisco broke down in 2008, the FSF filed a GPL infringement lawsuit against the company.

Cisco is a major contributor to the kernel and has been investing in community outreach efforts around some of its Linux-based products. As a highly active member in the open source community, Cisco should have known better than to disregard GPL compliance concerns. The FSF lawsuit was an embarrassment for the company and also raised the possibility that Cisco could potentially have lost its right to distribute GPL-licensed software. As we predicted in our coverage of the lawsuit last year, Cisco decided to settle the matter swiftly out of court.

In a statement issued on Wednesday, the FSF described the terms of the settlement and expressed satisfaction with the final outcome of the conflict.

"We are glad that Cisco has affirmed its commitment to the free software community by implementing additional measures within its compliance program and dedicating appropriate resources to them, further reassuring the users' freedoms under the GPL," said FSF executive director Peter Brown in a statement. "Our agreement results in making all of the relevant source code available in the fastest way possible."

This was the first time that the FSF has ever filed a lawsuit over GPL compliance failures relating to use of its own software. The Software Freedom Law Center (SFLC), however, has filed a steady stream of lawsuits against embedded hardware vendors on behalf of the developers of the Busybox project. These lawsuits have consistently been settled out of court.

The FSF and the SFLC believe in nonconfrontational enforcement and only escalate to litigation in cases where vendors are unwilling to cooperate. The obligations associated with distributing GPL-licensed software are not especially onerous, so companies are generally inclined to take the necessary steps when they are properly educated and it becomes clear to them that there are consequences for failing to do so. The swift resolution of the FSF's lawsuit against Cisco demonstrates the efficacy of this approach to enforcement.

19 Reader Comments

How do you figure that Cisco is one of the biggest contributors to the kernel? According to LWN.net (http://lwn.net/Articles/324046/ "Where 2.6.29 came from") Cisco is not even in the top 20 employers of kernel contributors. The only regular participant on the linux-kernel mailing list with an @cisco.com email address is Roland Dreier.

Cisco has a long history of ripping off other people's software, starting from when they stole IOS from Stanford University (they eventually settled with Stanford for billions of dollars.) Why stop now, right?

Originally posted by jwbaker:Cisco has a long history of ripping off other people's software, starting from when they stole IOS from Stanford University (they eventually settled with Stanford for billions of dollars.) Why stop now, right?

Originally posted by jwbaker:Cisco has a long history of ripping off other people's software, starting from when they stole IOS from Stanford University (they eventually settled with Stanford for billions of dollars.) Why stop now, right?

Really, is that true? If so, I'd like to see some stories on that.

IOS is painfully annoying to work on, so why anyone would be so hot to steal it is beyond me, but i guess that was a long time ago.

found this:

quote:

William "Bill" Yeager (born June 16, 1940, San Francisco) is an American engineer. He is best-known for being the inventor of a packet-switched, "Ships in the Night," multiple-protocol router in 1981, during his 20 year tenure at Stanford's Knowledge Systems Laboratory.[1][2] The code was licensed by upstart Cisco Systems in 1987 and comprised the core of the first Cisco IOS.[3]

Well yeah, it was "licensed" after Stanford got wind that Cisco had ripped it off. Yeager wrote the operating system, and Cisco co-founder Len Bosack came to his office, asked for the source code for research purposes, and promptly turned around and started selling it, without royalties or even attribution. In fact, the founders of Cisco made up a bullshit creation myth about how two academics created the Cisco router from nothing more than love and genius, omitting the part about how the hardware had been invented by Andy Bechtolsheim and the software was written by Bill Yeager.

Originally posted by jwbaker:Cisco has a long history of ripping off other people's software, starting from when they stole IOS from Stanford University (they eventually settled with Stanford for billions of dollars.) Why stop now, right?

This is overly simplistic at best. The flap between Cisco and Stanford was settled for considerably less than a half million dollars. And this happened in 1987 - none of the people involved at the time even work for Cisco today. Keep in mind that at the time, Cisco was a couple of people hand-assembling routers on a kitchen table for occasional sale to other universities.

Linksys is a separate company, with its own culture, acquired by Cisco. That it might still have its own culture and practices even now, 6 years after Cisco bought it, is hardly unusual (have you ever worked for a conglomerate?).

You claim a 'long history of ripping off' ... OK. So even taking your founder story at face value, where are the other ripoffs in this "long history" between then and now?

EDIT- oops, wrote 'Stanford' in one spot where I meant 'Cisco. Corrected.

Originally posted by WcW:Something tells me this will just make manufacturers more wary of basing their products on GPL-licensed software :/

Very doubtful. Linksys is still selling the WRT54GL -- essentially a seven year old design -- by the thousands. On Newegg, it's won the Customer's Choice award 23 times so far. All this from an ugly device that doesn't even support 802.11n.

When a friend asks me to help them set up a wireless network, I have two options: recommend a device I trust 100%, or tell them to go to Best Buy and buy something cheap. I know I'm not the only person who is selling routers for Linksys this way.

In the embedded space, GPL software is only getting bigger. Companies like (IIRC) Microtek offer a base open-source firmware for network operators to tune and customize for their deployments. It's a win-win for everyone involved.

We've got some VxWorks-based devices at $DAYJOB, they are notoriously unreliable: eg if you send unexpected traffic their way (like a portscan) the TCP/IP stack will lockup and quit responding. Troubleshooting with tech support was hilariously complicated. Cisco can probably pay a GPL compliance officer for a fraction of the cost of an embedded engineering team.

Originally posted by Nick H:Very doubtful. Linksys is still selling the WRT54GL -- essentially a seven year old design -- by the thousands. On Newegg, it's won the Customer's Choice award 23 times so far. All this from an ugly device that doesn't even support 802.11n.

When a friend asks me to help them set up a wireless network, I have two options: recommend a device I trust 100%, or tell them to go to Best Buy and buy something cheap. I know I'm not the only person who is selling routers for Linksys this way.

^++ It's the best router that I have ever owned. With dd-wrt, it's extremely functional and reliable. I recommend it to everybody.

I haven't tried the newer WRT54G2 with dd-wrt yet. Some say it helps with bandwidth but not connections, or vice versa. And since they haven't a way to go back to the original firmware, I haven't bothered yet.

But, the newer router has a faster processor and just as much ram, just half the flash though.

The best router though was the Buffalo one. Too bad they are banned from selling them here. Thanks a lot, Australia!

I'm kinda disappointed that the WRT54GL, after Linksys heard about people putting custom firmware on the stock G's, was sold for a massive increase in price while they quietly made the new G and GS lines much more difficult to put custom firmware on. Commercial coup, I guess, but even so...

From the article:This was the first time that the FSF has ever filed a lawsuit over GPL compliance failures relating to use of its own software.

"Use of its own software"?

Am I reading this right? The FSF is suing Cisco because Cisco won't adhere to Cisco's own licence? How is this different from, for example, MySQL releasing software under the GPL, but also selling the same software non-GPLed?

If it's Cisco's own software, they shouldn't have to conform to a licence they grant somebody else, should they?

From the article:This was the first time that the FSF has ever filed a lawsuit over GPL compliance failures relating to use of its own software.

"Use of its own software"?

Am I reading this right?

No. This is the first time that FSF has sued a company that is failing to comply with the GPL and is using the FSF's software. Previous GPL infringement cases were filed by the SFLC on behalf of other organizations.

From the article:This was the first time that the FSF has ever filed a lawsuit over GPL compliance failures relating to use of its own software.

"Use of its own software"?

Am I reading this right?

No. This is the first time that FSF has sued a company that is failing to comply with the GPL and is using the FSF's software. Previous GPL infringement cases were filed by the SFLC on behalf of other organizations.

Ya.. It's refering to FSF's 'own software'. That is software whose copyright is owned by FSF and that Cisco is selling to customers.

----------------------------------------

I think that this is much more todo with corporate blundering and mismanagement then any sort of maliciousness on the part of the Linksys portions of Cisco. There isn't going to be anything really special with the FSF owned software that Cisco-Linksys is using.

This is the how the majority of these cases operate. Most of the time hardware companies that produce Linux using NAS devices or networking equipment farm out the OS development to third party companies and they just get back binaries. They don't understand the copyright stuff well or don't really even understand what they are selling half of the time.

So copyright infringement is usually very unintentionable. A mistake. People figure out that they are using a bunch of GPL software, but are unable to get the source code for it from the companies redistributing it and then they try to contact those companies to get it. Those companies don't understand what is going on and don't have anybody set up to deal with issues... so they don't get resolved. Everybody is busy with their own lives and their particular job function and nobody is usually setup to take copyright issues into account.

So eventually somebody who owns the copyright has to get a lawyer to send a nasty letter to get their attention. After a few months somebody sticks a tarball up on a ftp site and that's that. No big deal. If they fight it then they may end up getting charged with the legal bills and maybe a donation or something like that to FSF, which is going to be relatively rare.

Actually going to court over GPL violations is exceedingly rare. USA (and most counties) have very strong copyright laws. Once the laywers kinda explain this to their clients then their clients realize that they made a mistake. Use their software, use their license. Otherwise there is always BSD. And usually it's all hush-hush so as to not make anybody look bad.

But in this case FSF has been trying to work this out with Cisco since 2003, which I beleive is when Cisco aquired Linksys. And they were trying to work with Linksys before that. And you would think that Linksys, being somewhat of a pioneer in using Linux in low-cost wifi equipement, would know better in the first place.

So this has been dragging out for 5+ years before the FSF decided to go to court over it, which then forced Cisco to settle out of court rather then risk losing the right to distribute Linux.

----------------------

And, of course, like most tech companies they are getting more and more into shipping and supporting Linux as part of their core business, which is going to be midrange to high level business networking equipment. Stuff like turning routing equipment into something that can be a Linux app server, or hosting IOS images as processes running under a Linux kernel, etc.

I'm sure there are others, but in doing some research into PAFF interlacing in FFmpeg, I came across their hall of shame for GPL violations:http://www.ffmpeg.org/shame.html

Looking through some of the comments, there are some software vendors that like to take GPL software, do little else than re-skin it, and then sell it as their own with no hint of proper licensing and attribution. They'll put terms in their own commercial license like the user can only install it on one computer, can't reverse engineer it, and cannot redistribute the binaries. Problem is, they've taken Free code and made it non-Free and have arbitrarily placed restrictions on the same.

I never understood why people like to work for free and then companies take this work and make billions from it.

It really depends on that person's motivation. Sometimes it's a hobby. Sometimes people want to get something done, but know that there isn't much hope of commercial success if they do it on their own, so making it open source means that people that use it contribute back to it. Sometimes people really do beleive in software freedom. Sometimes companies try to use open source as a sort of 'shareware' were they have 'value-added' services and proprietary software that compliments it. MySQL, for example, got commercial success by following a dual-licensing approach were they had GPL'd software on one hand and a proprietary license you could purchase in the other. Redhat puts a lot of money and time developing open source software since they can sell people on support contracts and services based on the expertise that they gather from doing things like that (which is also a reoccuring revenue stream and is much more valuable to companies then on-time fees like licensing charges).

All sorts of reasons.

If this sort of thing bothers a author of a GPL'd software and they don't think that they can handle the legal system on there own... then that is what the FSF is for. They have lawyers, expertise, and the funding to go after violators and get a respectful settlement.

The downside is that they would have to assign copyright to the FSF. The FSF says that this is required because they cannot persue legal action as a orginization without holding the copyrights. In copyright law only the owners of the copyrights can do legal action.

From the article:This was the first time that the FSF has ever filed a lawsuit over GPL compliance failures relating to use of its own software.

"Use of its own software"?

Am I reading this right?

No. This is the first time that FSF has sued a company that is failing to comply with the GPL and is using the FSF's software. Previous GPL infringement cases were filed by the SFLC on behalf of other organizations.